From ee7cb7b6815a7e6ca0274e7d188ed5e18e135ef2 Mon Sep 17 00:00:00 2001
From: dimstar <>
Date: Aug 25 2021 19:06:28 +0000
Subject: Update accountsservice to version 0.6.55 / rev 72 via SR 913679
https://build.opensuse.org/request/show/913679
by user dimstar + dimstar_suse
- Spec layout cleaning up for harden_accounts-daemon.service.patch. (forwarded request 910817 from yfjiang)
---
diff --git a/.files b/.files
index 7b70786..fa60a12 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index f883ad2..4796c34 100644
--- a/.rev
+++ b/.rev
@@ -1042,4 +1042,12 @@ By now, it's required for sle-15, so synchronized the updated specfile and chang
879128
+
+ 803b9e26664e22c52d3add337b1ce271
+ 0.6.55
+
+ dimstar_suse
+ - Spec layout cleaning up for harden_accounts-daemon.service.patch. (forwarded request 910817 from yfjiang)
+ 913679
+
diff --git a/accountsservice.changes b/accountsservice.changes
index 3fe30c3..8a1ffe3 100644
--- a/accountsservice.changes
+++ b/accountsservice.changes
@@ -1,4 +1,15 @@
-------------------------------------------------------------------
+Mon Aug 9 09:36:20 UTC 2021 - Yifan Jiang
+
+- Spec layout cleaning up for harden_accounts-daemon.service.patch.
+
+-------------------------------------------------------------------
+Tue Jul 27 11:53:56 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Added patch(es):
+ * harden_accounts-daemon.service.patch
+
+-------------------------------------------------------------------
Tue Mar 2 21:05:33 UTC 2021 - Antoine Belvire
- Add accountsservice-fix-gdm-crash.patch: Prevent crash of gdm
diff --git a/accountsservice.spec b/accountsservice.spec
index a126fd8..a88d9b3 100644
--- a/accountsservice.spec
+++ b/accountsservice.spec
@@ -36,6 +36,8 @@ Patch2: accountsservice-read-root-user-cache.patch
Patch3: accountsservice-wtmp-io-improvements.patch
# PATCH-FIX-UPSTREAM accountsservice-fix-gdm-crash.patch glfo#accountsservice/accountsservice#55 antoine.belvire@opensuse.org -- Prevent gdm crash upon service restart when autologin is enabled
Patch4: accountsservice-fix-gdm-crash.patch
+# PATCH-FIX-OPENSUSE harden_accounts-daemon.service.patch jsegitz@suse.com -- For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+Patch5: harden_accounts-daemon.service.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
@@ -103,6 +105,7 @@ querying and manipulating user account information.
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}
diff --git a/harden_accounts-daemon.service.patch b/harden_accounts-daemon.service.patch
new file mode 100644
index 0000000..00af038
--- /dev/null
+++ b/harden_accounts-daemon.service.patch
@@ -0,0 +1,21 @@
+Index: accountsservice-0.6.55/data/accounts-daemon.service.in
+===================================================================
+--- accountsservice-0.6.55.orig/data/accounts-daemon.service.in
++++ accountsservice-0.6.55/data/accounts-daemon.service.in
+@@ -8,6 +8,16 @@ After=nss-user-lookup.target
+ Wants=nss-user-lookup.target
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
+ Type=dbus
+ BusName=org.freedesktop.Accounts
+ ExecStart=@libexecdir@/accounts-daemon